Given the rapid expansion of the Internet, the reliance upon electronic messaging, the widespread transmission of data and the ongoing concerns of privacy and security, cryptography is an area to which considerable attention must be directed. The problem exists in three areas: first, between members of a local message system having an encryption system; second, between members and non-members of the encryption system; and, third, between two non-members.
One method of sending secured messages for these three cases is the use of session keys that apply to a single information exchange session. Another method is by using public and private keys to encrypt and decrypt messages. The term encryption key pair is used to include session keys as well as public and private keys, and both can themselves be encrypted or unencrypted. Both methods use an encryption key and a decryption key for electronic messages. In the second method, the two keys are mathematically linked; the public key is distributed to other users and used to encrypt messages back to the sender, and the private key is kept secret and used to decrypt a message encrypted with the public key. There are disadvantages with both methods. For example, while single session keys, having an encryption and decryption key, may be very secure, these keys are difficult to distribute and maintain, especially when multiple parties need to communicate securely with one another. Therefore, it is problematic, to say the least, to maintain a single session encryption key pair system when the users could include all the users of the Internet. This is especially true when the number of potential Internet users is expected to reach 490 million by the year 2002.
Existing public/private key systems, such as the widely used PGP system, require that each user have a public and private key. This requires that each individual have a public key or encryption key distributed to other users while the individual keeps a private key or decryption key secret for the decryption of the messages. These traditional systems require that each user of a public/private key system maintain a set of keys, have software for utilizing the keys, and have each message encrypted and decrypted with the keys and software. Again, considerable setup and maintenance is required by the senders and recipients to use this type of system. The automation of such traditional systems can simplify these tasks.
This task is somewhat simplified when limited to local users of a central message system. An internal server can automatically manage the associated keys as well as automate much of the encryption and decryption process. Additionally, the subscribers to a secure message service can have significantly more of this process automated, thereby reducing the complexity and difficulty for the local user or subscriber. In fact, the encryption and decryption can become transparent. The task is complicated when it is necessary to send messages beyond the local system or subscribers to third parties. For example, a local user or member may wish to send an encrypted message over the Internet to an email account maintained by an ISP or other source, such as a Hotmail, AOL, or Yahoo! account. While members of the local encryption system can have the benefit of managed keys, other users or non-members do not have this benefit. The members of an encryption system need a simple but secure system to send encrypted messages to a non-member user. Further, existing secure message management systems have often required difficult installations having processes that are difficult to use by the widespread user community of the Internet and other networks.
Therefore, there is a need in this area to provide for a secure messaging system that neither requires individuals to maintain permanent keys nor is restricted to a particular network in order to receive and decrypt encrypted messages. Further, there is a need for a secure message system that enables the user to send and receive messages without requiring complicated setup by the user.